1
Q
What problem does Docker primarily solve?
A
Environment inconsistency; it provides a standardized, portable runtime across machines.
2
Q
What is Docker in one sentence?
A
A platform for building, shipping, and running applications consistently using containers.
3
Q
How do containers differ from virtual machines?
A
Containers share the host OS kernel, are lightweight and start in seconds; VMs include a full OS, are heavier, and start slower.
4
Q
Name the main components of Docker architecture.
A
Docker Client, Docker Daemon (Engine), and Registries (e.g., Docker Hub).
5
Q
What command verifies Docker installation by running a test container?
A
docker run hello-world
6
Q
What is an image vs a container?
A
Image: immutable blueprint; Container: running instance of an image.
7
Q
Analogy for image vs container?
A
Image = class; Container = object instance.
8
Q
What does a Dockerfile define?
A
Instructions on how to build a Docker image (base, files, deps, commands).
9
Q
List common Dockerfile instructions.
A
FROM, WORKDIR, COPY, RUN, ENV, EXPOSE, USER, CMD, ENTRYPOINT.
10
Q
When to use ENTRYPOINT vs CMD?
A
ENTRYPOINT defines the main command; CMD provides default arguments that can be overridden.
11
Q
Best practice for tagging images?
A
Use semantic versions or commit SHAs; avoid latest in production.
12
Q
How to build and tag an image named myapp:1.0?
A
docker build -t myapp:1.0 .
13
Q
How to run an image mapping host 8080 to container 8000?
A
docker run -p 8080:8000 <image></image>
14
Q
What does -d mean in docker run?
A
Detached mode (runs in background).
15
Q
How to view running containers?
A
docker ps
16
Q
How to view logs of a container?
A
docker logs <container_id|name> (use -f to follow, -t for timestamps).
17
Q
How to exec into a running container with a shell?
A
docker exec -it <container> sh (or bash).</container>
18
Q
Why use .dockerignore?
A
Reduce build context, speed up builds, and avoid copying secrets/artifacts.
19
Q
How to set env vars at runtime?
A
docker run -e KEY=VALUE <image></image>
20
Q
Does EXPOSE publish the port?
A
No; it documents intended ports. Use -p to publish.
21
Q
Why run containers as non-root?
A
To reduce security risk and prevent privilege escalation.
22
Q
How does build cache speed up builds?
A
Unchanged layers are reused; changing early layers invalidates later cached layers.
23
Q
One strategy to leverage cache with Python deps?
A
COPY requirements.txt first, RUN pip install, then COPY source.
24
Q
How to remove an image by ID?
A
docker rmi <image_id> (use -f to force).</image_id>
25
How to prune unused images?
docker image prune -a
26
How to save and load images to/from a tar?
docker save -o file.tar repo:tag; docker load -i file.tar
27
How to tag and push to Docker Hub?
docker tag local:1.0 user/repo:1.0 && docker push user/repo:1.0
28
Why prefer slim/alpine base images?
Smaller size, faster pulls, reduced attack surface (alpine minimal; slim balanced).
29
What is a volume and why use it?
Externalized storage for containers to persist data across restarts.
30
Create and use a named volume app-data at /app/data.
docker volume create app-data; docker run -v app-data:/app/data
31
Copy a file from container to host.
docker cp :/path/file .
32
What problem does Docker Compose solve?
Defining and running multi-container apps with a single YAML file.
33
Core sections of a docker-compose.yml?
version, services, volumes (and networks).
34
How do services communicate by default in Compose?
Over a project-scoped bridge network; DNS hostname equals the service name.
35
How to build all services?
docker-compose build (use --no-cache to ignore cache).
36
How to start/stop the app?
docker-compose up (-d for detached); docker-compose down.
37
How to view logs of all services?
docker-compose logs (-f to follow).
38
How to scale a service to 3 replicas?
docker-compose up -d --scale =3
39
What does depends_on do?
Sets startup order; may still need healthchecks for readiness.
40
Compose networking hostname for db service?
db (service name acts as DNS hostname).
41
Reverse proxy rationale in production?
Use Nginx to terminate HTTP(S), route to app containers, and load balance.
42
Simple production flow with Compose?
Push image → on server: docker-compose -f docker-compose.prod.yml pull && up -d.
43
Why reduce image size for deploys?
Faster push/pull, smaller attack surface, lower costs.
44
What is ECS and its two launch types?
AWS container orchestrator; EC2 (you manage nodes) and Fargate (serverless).
45
Basic ECS workflow steps?
Build image → push to ECR → create cluster → task definition → service → expose via ALB.
46
What problem does Kubernetes solve?
Automates deployment, scaling, and management of containers at scale.
47
Key Kubernetes features?
Self-healing, scaling, load balancing, rolling updates/rollbacks, storage orchestration, service discovery.
48
Control Plane vs Worker Nodes?
Control Plane makes cluster decisions; Worker Nodes run workloads (pods).
49
Name core control plane components.
API Server, etcd, Scheduler, Controller Manager, Cloud Controller Manager (optional).
50
Name core worker node components.
Kubelet, Kube-proxy, Container Runtime (containerd, CRI-O, Docker shim removed).
51
What is a Pod?
Smallest deployable unit encapsulating one or more containers sharing network and storage.
52
What is a Deployment?
Controller managing replica sets and pods, providing scaling and rolling updates.
53
What is a ReplicaSet?
Ensures a specified number of pod replicas are running; used by Deployments.
54
What is a Service in Kubernetes?
Stable networking abstraction to access a set of Pods via labels.
55
Types of Services?
ClusterIP, NodePort, LoadBalancer, ExternalName.
56
What is a ConfigMap?
Stores non-sensitive configuration as key-value pairs.
57
What is a Secret?
Stores sensitive data (base64-encoded by default); use KMS/SealedSecrets for real encryption.
58
What is a Volume/PVC/PV?
Volume mounts storage in pods; PVC requests storage; PV provides storage.
59
What is a Namespace?
Logical partitioning within a cluster for isolation, policy, and quotas.
60
What is Ingress vs Ingress Controller?
Ingress defines routing rules; Controller enforces them (e.g., NGINX).
61
Minikube purpose?
Run a local single-node Kubernetes cluster for learning/dev.
62
kubectl purpose?
CLI to interact with the Kubernetes API server using kubeconfig.
63
General command pattern for kubectl?
kubectl [flags].
64
List pods in all namespaces.
kubectl get pods -A
65
Describe a pod.
kubectl describe pod
66
Tail logs from a pod.
kubectl logs -f
67
Exec into a pod with bash.
kubectl exec -it -- /bin/bash
68
Create a deployment named myapp with nginx image.
kubectl create deployment myapp --image=nginx
69
Scale a deployment to 3 replicas.
kubectl scale deployment myapp --replicas=3
70
Update image of a deployment.
kubectl set image deployment/myapp nginx=nginx:1.25
71
Expose a deployment as NodePort 80.
kubectl expose deployment myapp --type=NodePort --port=80
72
Apply and delete a YAML manifest.
kubectl apply -f file.yaml; kubectl delete -f file.yaml
73
Four key sections of most K8s YAML files?
apiVersion, kind, metadata, spec.
74
How do Deployments map to Pods via labels?
spec.selector.matchLabels matches template.metadata.labels; Services select labels too.
75
What does status section represent?
Runtime state added by the system (phase, conditions, podIP, containerStatuses).
76
How to trigger a rollout restart after config changes?
kubectl rollout restart deployment
77
ClusterIP use case?
Internal communication between services.
78
NodePort use case and caveat?
External access via :; limited port range, not ideal for prod.
79
LoadBalancer use case?
Externally accessible service with a cloud provider load balancer.
80
ExternalName use case?
Alias to an external DNS name (e.g., SaaS DB).
81
Why use Ingress over multiple LoadBalancers?
Single entrypoint, host/path routing, TLS termination, cost efficiency.
82
How to enable NGINX Ingress in Minikube?
minikube addons enable ingress
83
Mapping host mongo-express.local to service 8081 path /?
Create Ingress rule for host mongo-express.local pointing to mongo-express-service:8081; add hosts entry.
84
When to use emptyDir vs hostPath vs PVC?
emptyDir: temp cache; hostPath: node files/single-node; PVC: real persistence across restarts.
85
When to prefer StatefulSet over Deployment?
For stateful apps needing stable identity, storage, and ordered startup (DBs, Kafka).
86
What DNS naming do StatefulSets provide?
pod-ordinal.service.namespace.svc.cluster.local (stable per pod).
87
What is a headless service and why used?
Service with clusterIP: None providing stable DNS without a virtual IP; required for StatefulSet identity.
88
What K8s objects did the Mongo + Mongo Express demo use?
Deployments, Services, Secrets, PVC (and suggested Ingress/StatefulSet for prod).
89
Two ways to create a Secret?
Imperative: kubectl create secret ...; Declarative: YAML with base64-encoded data.
90
Why use namespaces for staging and production?
Avoid name conflicts, apply quotas and RBAC, isolate environments within one cluster.
91
FQDN format to access a service in a namespace?
92
What is a Helm chart and release?
Chart: packaged K8s manifests; Release: an installed instance of a chart.
93
Why use Helm?
Reuse templates, configurable via values, versioning, large ecosystem of charts.
94
Install MongoDB from Bitnami with custom values file.
helm repo add bitnami https://charts.bitnami.com/bitnami; helm install my-mongo bitnami/mongodb -f custom-values.yaml
95
What files are key in a chart?
Chart.yaml, values.yaml, templates/*.yaml, charts/ (deps).
96
Basic steps for HTTPS via Ingress (local)?
Create TLS cert/secret; add tls section in Ingress; map host in /etc/hosts; access via https.
97
Map current dir into container for dev fast reload.
docker run -v $(pwd):/app -p 8000:8000
98
Stop/start/restart a container.
docker stop ; docker start ; docker restart .
99
Prune stopped containers.
docker container prune
100
How to rebuild after code changes in Compose?
docker-compose up --build
101
How to run tests inside a service?
docker-compose exec pytest (or custom command).
102
Use prebuilt FastAPI image instead of building locally.
Set image: tiangolo/uvicorn-gunicorn-fastapi:python3.11 and configure env/ports.
103
How does scheduler decide placement?
Based on resource requirements, taints/tolerations, affinities, and balancing.
104
How do Services select Pods?
By matching label selectors to pod labels.
105
How to watch pod changes continuously?
kubectl get pods -w
106
How to check cluster components version/health quickly?
kubectl cluster-info; kubectl get nodes
107
How does the K8s scheduler decide placement?
Based on resource requirements, taints/tolerations, affinities, and balancing.
108
How do K8s Services select Pods?
By matching label selectors to pod labels.
109
How to watch pod changes continuously in K8s?
kubectl get pods -w
110
How to check cluster components version/health quickly in K8s?
kubectl cluster-info; kubectl get nodes
111
How to expose an app on Minikube with NodePort?
kubectl expose deployment --type=NodePort --port=
; minikube service
112
Why use ALB with AWS ECS?
Tasks have private IPs; ALB exposes them and balances traffic, supports HTTPS.
113
How to follow logs with timestamps and tail last 10 lines in Docker?
docker logs -t -f --tail 10
114
How to combine commands to reduce layers in Dockerfile?
Use RUN with && to chain apt-get update && install etc.
115
Where to keep secrets during build in Dockerfile?
Do not bake into image; use runtime env/secrets or build-time ARG with caution.
116
What is the difference between ClusterIP and Ingress in K8s?
ClusterIP exposes inside cluster; Ingress routes external HTTP/S to services via a controller.
117
What triggers a Deployment rolling update in K8s?
Changes to spec.template (e.g., image tag).
118
What are the recommended probes for production pods in K8s?
Liveness and readiness probes to detect failure and readiness to receive traffic.
119
What is ReadWriteOnce vs ReadWriteMany in storage?
RWO: one node can mount read/write; RWX: many nodes can mount read/write (needs suitable backend).
120
What is the order of pod creation and deletion in StatefulSet?
Created 0→n in order; terminated n→0 in reverse order.
121
What is the rule of thumb for NodePort with LoadBalancer in Ingress?
Cloud: LoadBalancer only; Local: NodePort or minikube service for access.
Docker-k8s
flashcards
Decks in class (1)
# Cards
